If you have unpatched Windows systems which are affected, please see below for instructions on how to recover from WannaCrypt.

Hospitals running PatientSource are still able to access their full PatientSource system. PatientSource is cross-platform and can be accessed via any modern web browser, which means that even if all of a hospital's internal Windows computers are infected, their PatientSource system can still be accessed by their non-Windows computers, tablets and smartphones. PatientSource uses security-hardened Linux servers with daily patching, so it is not vulnerable.

It is safer to have patient data stored on professionally maintained, up to date cloud infrastructure, such as PatientSource hosted on Microsoft's Azure, than in on-premises hospital networks which may have unpatched vulnerable systems.

The outbreak:

The malware responsible for the 12th May ransomware outbreak was WannaCrypt (.WCRY). .WCRY was first seen in the wild in Europe in February 2017. A second variant appeared today (12th May 2017), rapidly spreading across Europe. Telefonica, the Spanish ISP, was particularly affected. At some point in the afternoon, WannaCryptor reached central NHS servers and began spreading to GP Practices and hospitals.

All versions of Windows and Windows Server which have not received Microsoft's March 2017 patch MS17-010 are vulnerable.

How WannaCrypt works:

WannaCrypt spreads across vulnerable Windows servers and terminals. Once a machine is infected, it begins encrypting files and folders which can only be recovered by decrypting them again with the correct key. WanaDeCryptor throws up a screen demanding a ransom paid in Bitcoins in order to obtain the key to decrypt your files.

Files are encrypted using the symmetric encryption cipher AES with a 128-bit key. AES is the industry standard symmetric encryption technology, which at 128 bit key length would take even a supercomputer 1 billion billion years to crack. AES is a useful technology for protecting data from unauthorised access; however, WannaCrypt abuses it to lock away files from their rightful owners until a ransom is paid.

The vector for spreading WannaCrypt is thought to be the Windows SMB (Server Message Block) protocol. SMB allows users to share files and folders across a network. Once the malware has reached a new Windows Server or Windows computer, it exploits a vulnerability in the Windows Malware Detection service to execute. The malware then begins searching the hard drives and shared network folders, encrypting any non-system file it encounters.

Affected operating systems:

Microsoft Windows: XP, Vista, 8, 8.1, 10

Windows Server: 2003, 2008, 2008 R2, 2012, 2012 R2, 2016

Why the NHS has been affected:

Much of the NHS still runs on-premises servers. With increasing pressure on NHS finances, many hospital Trusts do not have sufficient numbers of in-house IT staff to keep all their servers up to date with daily patches. Many NHS Trusts are running unsupported end-of-life operating systems such as Windows XP and Windows 2003 due to budgetary constraints.

It is much safer to keep patient data on an ISO27001 certified professionally-maintained cloud service such as PatientSource hosted on Microsoft’s Azure infrastructure, than on hospital premises where there may be unpatched systems.

How to recover from a WannaCrypt attack:

You can restore your systems in the following manner (requires administrative privileges):

1) Reboot the affected Windows terminal or Server in "Safe Mode with Networking".

2) Download and apply the MS17-010 patch, which was originally released in March. Windows Update will automatically fetch this for you if switched on.

5) Restore your non-system files from your most recent backups, if you have them.
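To scope step 5 before restoring, the following added example (not part of the original advisory) walks a file share and lists the original names of files that now carry the .WCRY extension. It assumes the extension is appended to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".wcry"  # extension named on this page; compared case-insensitively


def build_restore_manifest(root):
    """Walk root and map each folder to the original names of its encrypted files.

    Assumption: the ransomware appends its extension to the original name
    (report.docx -> report.docx.WCRY), so stripping it gives the name to
    look for in the backup set.
    """
    manifest = defaultdict(list)
    for folder, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                manifest[os.path.relpath(folder, root)].append(original)
    return {folder: sorted(names) for folder, names in manifest.items()}


def summarise(manifest):
    """Return (total files to restore, folders ordered by damage, worst first)."""
    total = sum(len(names) for names in manifest.values())
    ranked = sorted(manifest, key=lambda f: (-len(manifest[f]), f))
    return total, ranked


def make_sample_share(root):
    """Constructed sample tree standing in for a file share (not real data)."""
    layout = {
        "clinic": ["rota.xlsx.WCRY", "letter.docx.wcry", "notes.txt"],
        "clinic/scans": ["xray01.jpg.WCRY"],
        "admin": ["budget.xlsx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        make_sample_share(share)
        total, ranked = summarise(build_restore_manifest(share))
        print(f"{total} files to restore from backup; worst folders first: {ranked}")
```

Run it from a patched or non-Windows machine against a read-only mount of the share, and compare the manifest with the backup catalogue before restoring.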

At the moment, there is no known flaw in the WannaCrypt encryption routine. Security researchers are working hard to find a flaw. If one is found, this may allow us to break the WannaCrypt encryption and provide a program for users to decrypt their affected files.

We advise you not to pay the ransom. Not only will paying the ransom fuel more crimes like the WannaCrypt outbreak, but you are also likely to end up on a list of people who are willing to pay, and thus will be targeted in future attacks.

Need help?

PatientSource Ltd is providing healthcare organisations with low-cost expert IT help to recover from ransomware attacks and to harden their systems against future attacks. Please Contact Us if you are affected. PatientSource systems are already immune to this attack.

Updated 2017-05-13 10:10 UTC: Amended the total number of NHS organisations affected. Added instructions for how to remove the ransomware.

We are proud to announce that today PatientSource has gone live at James Paget University Hospital Ambulatory Care Unit in Great Yarmouth. As James Paget’s Ambulatory Care Unit is involved with our early adoption programme, we’ve decided to provide the unit with a zero-fee trial of our bespoke modules.

We are very pleased to announce that PatientSource have formed a partnership with Trustmarque, a company with strong experience in providing effective technological approaches to the public sector, in order to work together to deliver comprehensive IT solutions to the NHS.

As the age of paper-based patient record systems comes to an end, a number of electronic patient record systems have emerged as potential alternatives. However, almost all to date have come with their own share of problems and difficulties which negatively impact upon the ability of healthcare professionals to provide the care that patients deserve on a day-to-day basis.

As PatientSource has been developed by doctors & nurses with years of experience in providing frontline care we believe that PatientSource avoids the pitfalls encountered by legacy electronic patient record systems through its intuitive nature and resemblance to traditional paper charts whilst also standing out due to its innovative cloud-based structure and tablet-compatibility.

What’s more, we estimate that PatientSource could potentially save the average NHS Trust £16.5m per year. That translates to ~4.7% of the average NHS Trust’s annual budget. If you’d like to learn more then feel free to visit www.patientsource.co.uk and check out our online demo!

PatientSource is a clinician-led company. We pride ourselves on putting the interests of doctors and nurses first, which is why we're supporting the junior doctors' strike action in the dispute over imposed junior doctor contracts.

And here's why you should support them too... #notsafenotfair #juniorcontract

We've been very busy the last few weeks showing off our latest developments at the EHI Live and Patient First conferences in London and Birmingham. We're extremely grateful to our partners, Microsoft and Tech UK, who hosted us during each of the two-day conferences.

PatientSource in the Microsoft Partners' Village at EHI Live 2015

PatientSource brings all the benefits of Electronic Patient Records right to the bedside on tablet computers

At PatientFirst, our lead clinician Dr. Michael Brooks couldn't help but draw attention to himself as he showcased the user friendly clinical features.

PatientSource is committed to improving how healthcare data is shared and is always looking for additional means to support data sharing. When we heard about TechUK's initiative to introduce an Interoperability Charter, we were keen to demonstrate that we shared the values it espouses and were one of the first organisations to sign the charter.

Suppliers will be committing to five key principles:

We will make available to other suppliers, the NHS and Local Authorities, the technical specifications of our interfaces without charge.

Where there is customer demand we agree to co-operate without charge with other suppliers in developing interfaces.

We will not reinvent the wheel and will use internationally recognised standards where relevant.

We will only charge reasonable and proportionate fees to the end user organisation for Licensing, Implementation and Support services required for the interfaces.

Where new interfaces or enhancements to existing interfaces are required, we will not charge twice for the same software development.

In return for these new principles of interoperability we ask that the NHS and Local Government reciprocate by guaranteeing that:

Nationally defined interoperability standards are based on internationally recognised standards and upon pragmatic, real-world requirements driven by business needs, in partnership with appropriate industry bodies such as techUK.

Where accreditation or compliance testing is deemed necessary it will be kept light-touch, proportionate, open to all, adequately resourced, and free.